Implements #3105
Initial work to add elastisearch alerts
Initial implementation of ES alerts
Implements version check
Implements flow alerts format
Changes Elasticsearch index name
Comments the Elasticsearch alert endpoint
Class was not used and didn't handle concurrent accesses to strings,
yielding crashes such as
Thread 14 "stats_update.lu" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffb3fff700 (LWP 25268)]
0x00005555556b9183 in IpAddress::intoa (this=0x28c, buf=0x7fffb3ffe030 "", bufLen=64, bitmask=255 '\377') at src/IpAddress.cpp:352
352 src/IpAddress.cpp: No such file or directory.
(gdb)
(gdb) bt
at src/GenericHash.cpp:222
#9 0x00005555556c0413 in NetworkInterface::walker (this=0x555556159e70, begin_slot=0x7fffb3ffe454, walk_all=true, wtype=walker_flows, walker=0x5555556c6b79 <host_flow_update_stats(GenericHashEntry*, void*, bool*)>,
user_data=0x7fffb3ffe458) at src/NetworkInterface.cpp:795
#10 0x00005555556c6f7c in NetworkInterface::periodicStatsUpdate (this=0x555556159e70, vm=0x7fffac0a5578) at src/NetworkInterface.cpp:2589
#11 0x0000555555671d62 in ntop_periodic_stats_update (vm=0x7fffac0a5578) at src/LuaEngine.cpp:6304
#12 0x000055555576c2f6 in luaD_precall ()
#13 0x0000555555777acd in luaV_execute ()
#14 0x000055555576c5cf in luaD_call ()
#15 0x000055555576c621 in luaD_callnoyield ()
#16 0x000055555576ba42 in luaD_rawrunprotected ()
#17 0x000055555576c91b in luaD_pcall ()
#18 0x0000555555769cd4 in lua_pcallk ()
#19 0x0000555555681e8a in LuaEngine::run_loaded_script (this=0x7fffac01fe10) at src/LuaEngine.cpp:12188
#20 0x000055555563eca2 in ThreadedActivity::runScript (this=0x555562aee4e0, now=1585309410, script_path=0x7fff88002620 "/usr/share/ntopng/scripts/callbacks/interface/stats_update.lua", iface=0x555556159e70, deadline=1585309420)
at src/ThreadedActivity.cpp:418
#21 0x00005555556ba04d in ThreadPool::run (this=0x5555624525a0) at src/ThreadPool.cpp:103
#22 0x00005555556b9c79 in doRun (ptr=0x5555624525a0) at src/ThreadPool.cpp:31
#23 0x00007ffff65aa6db in start_thread (arg=0x7fffb3fff700) at pthread_create.c:463
#24 0x00007ffff3ea388f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
The Flow API is now composed of the following methods:
- Flow::setDetectedProtocol to manually set a protocol on the flow
and terminate the dissection
- Flow::processPacket to run the nDPI dissection on the raw packets
- Flow::endProtocolDissection to terminate or give up the dissection
Also fixes the flow sampling rate preference, which was never used.
- Move score from status definition to user scripts
- Separate flow score counter from the peers score
- Create a new HostScore class to hold the score data
